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Question: 1 


You find that Gateway fw2 can NOT be added to the cluster object. 
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(i)  fw2 is a member in a VPN community. 
(i) ClusterXL software blade is not enabled on fw2. 
(iii) fw2 is a DAIP Gateway. 


What are possible reasons for that? 

1) fw2 is a member in a VPN community. 

2) ClusterXL software blade is not enabled on fw2. 
3) fw2 is a DAIP Gateway. 


A.2or3 
B.1or2 
C.1or3 
D. All 


Answer: C 
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Question: 2 


Which is the lowest Gateway version manageable by SmartCenter R77? 


A. R65 
B. S71 
C. R55 
D. R60A 


Answer: A 


Question: 3 


A ClusterXL configuration is limited to members. 


A. There is no limit. 
B. 16 

C. 8 

D. 2 


Answer: C 


Question: 4 


CORRECT TEXT 
Fill in the blank. The command that typically generates the firewall application, operating system, 
and hardware specific drivers is 


Answer: snapshot 


Question: 5 


When a packet is flowing through the security gateway, which one of the following is a valid 
inspection path? 


A. Acceleration Path 
B. Small Path 

C. Firewall Path 

D. Medium Path 


Answer: D 


Question: 6 


If your firewall is performing a lot of IPS inspection and the CPUs assigned to fw_worker_thread are 
at or near 100%, which of the following could you do to improve performance? 
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A. Add more RAM to the system. 

B. Add more Disk Drives. 

C. Assign more CPU cores to CoreXL 

D. Assign more CPU cores to SecureXL. 


Question: 7 


What is Check Point's CoreXL? 


A. A way to synchronize connections across cluster members 
B. TCP-18190 

C. Multiple core interfaces on the device to accelerate traffic 
D. Multi Core support for Firewall Inspection 


Question: 8 


The challenges to IT involve deployment, security, management, and what else? 


A. Assessments 
B. Maintenance 
C. Transparency 
D. Compliance 


Question: 9 


What is the offline CPSIZEME upload procedure? 


A. Find the cpsizeme_of_<gwname>.pdf, attach it to an 
cpsizeme_upload@checkpoint.com 

B. Use the webbrowser version of cpsizeme and fax it to Check Point. 
C. Find the cpsizeme_of_<gwname>.xml, attach it to an 
cpsizeme_upload@checkpoint.com 

D. There is no offline upload method. 


Question: 10 


How frequently does CPSIZEME run by default? 
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Answer: C 


Answer: D 


Answer: D 
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A. weekly 
B. 12 hours 
C. 24 hours 
D. 1 hour 
Answer: C 
Question: 11 
How do you run “CPSIZEME” on SPLAT? 
A. [expert@HostName]#>./cpsizeme -h 
B. [expert@HostNamel]# ./cpsizeme -R 
C. This is not possible on SPLAT 
D. [expert@HostName]# ./cpsizeme 
Answer: D 


Question: 12 


How do you upload the results of “CPSIZEME” to Check Point when using a PROXY server with 
authentication? 


A. [expert@ HostName]# ./cpsizeme.exe —a username:password@proxy_address:port 
B. [expert@HostName]# ./cpsizeme —p username:password@proxy_address:port 
C. [expert@HostName]# ./cpsizeme —a username:password@proxy_address:port 
D. [expert@HostName]# ./cpsizeme.exe —p username:password@proxy_address:port 


Answer: B 


Question: 13 


Can the smallest appliance handle all Blades simultaneously? 


A. Depends on the number of protected clients and throughput. 
B. Depends on number of concurrent sessions. 

C. Firewall throughput is the only relevant factor. 

D. It depends on required SPU for customer environment. 


Answer: D 


Question: 14 


Which statements about Management HA are correct? 
1) Primary SmartCenter describes first installed SmartCenter 
2) Active SmartCenter is always used to administrate with SmartConsole 
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3) Active SmartCenter describes first installed SmartCenter 
4) Primary SmartCenter is always used to administrate with SmartConsole 


A. 1 and 4 
B. 2 and 3 
C. 1 and 2 
D. 3 and 4 


Answer: C 


Question: 15 


Which of the following is NOT an advantage of SmartLog? 


A. SmartLog has a “Top Results” pane showing things like top sources, rules, and users. 

B. SmartLog displays query results across multiple log files, reducing the need to open previous files 
to view results. 

C. SmartLog requires less disk space by consolidating log entries into fewer records. 

D. SmartLog creates an index of log entries, increasing query speed. 


Answer: C 


Question: 16 


Exhibit: 


Cluster Mode:ONew High Availability ¢Primary Up? 


Number Unique IP Address Assigned Load State 
1 ¢local>d 192.168.1.1 0z standby 
2 192.168.1.2 100z active 


From the following output of cphaprob state, which ClusterXL mode is this? 


A. Unicast mode 
B. Multicast mode 
C. New mode 

D. Legacy mode 


Answer: A 


Question: 17 


Which of the following is NOT a feature of ClusterXL? 
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A. Transparent upgrades 

B. Zero downtime for mission-critical environments with State Synchronization 

C. Enhanced throughput in all ClusterXL modes (2 gateway cluster compared with 1 gateway) 
D. Transparent failover in case of device failures 


Answer: C 


ClusterXL provides: 


Question: 18 


In which case is a Sticky Decision Function relevant? 


A. Load Balancing — Forward 
B. High Availability 

C. Load Sharing — Multicast 
D. Load Sharing — Unicast 


Answer: C 


Question: 19 


What is NOT a valid LDAP use in Check Point SmartDirectory? 


A. Retrieve gateway CRL’s 

B. Enforce user access to internal resources 

C. External users management 

D. Provide user authentication information for the Security Management Server 


Answer: B 


Question: 20 


There are several SmartDirectory (LDAP) features that can be applied to further enhance 
SmartDirectory (LDAP) functionality, which of the following is NOT one of those features? 


A. Support many Domains under the same account unit 

B. Support multiple SmartDirectory (LDAP) servers on which many user databases are distributed 
C. High Availability, where user information can be duplicated across several servers 

D. Encrypted or non-encrypted SmartDirectory (LDAP) Connections usage 


Answer: A 


Question: 21 


Choose the BEST sequence for configuring user management in SmartDashboard, using an LDAP 
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server. 


A. Configure a server object for the LDAP Account Unit, and create an LDAP resource object. 

B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account 
Unit, and enable LDAP in Global Properties. 

C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create 
an LDAP resource object. 

D. Enable LDAP in Global Properties, configure a host-node object for the LDAP server, and configure 
a server object for the LDAP Account Unit. 


Answer: D 


Question: 22 


The User Directory Software Blade is used to integrate which of the following with a R77 Security 
Gateway? 


A. UserAuthority server 

B. RADIUS server 

C. Account Management Client server 
D. LDAP server 


Answer: D 


Question: 23 


Your users are defined in a Windows 2008 Active Directory server. You must add LDAP users to a 
Client Authentication rule. Which kind of user group do you need in the Client Authentication rule in 
R77? 


A. LDAP group 

B. All Users 

C. External-user group 

D. A group with a generic user 


Answer: A 


Question: 24 


Which of the following commands do you run on the AD server to identify the DN name before 
configuring LDAP integration with the Security Gateway? 


A. dsquery user -name administrator 
B. query Idap -name administrator 
C. Idapquery -name administrator 

D. cpquery -name administrator 
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Answer: A 


Question: 25 


In SmartDirectory, what is each LDAP server called? 


A. Account Server 
B. LDAP Unit 

C. Account Unit 
D. LDAP Server 


Answer: C 


Question: 26 


When defining SmartDirectory for High Availability (HA), which of the following should you do? 


A. Configure Secure Internal Communications with each server and fetch branches from each. 

B. Replicate the same information on multiple Active Directory servers. 

C. Configure a SmartDirectory Cluster object. 

D. Configure the SmartDirectory as a single object using the LDAP cluster IP. Actual HA functionality is 
configured on the servers. 


Answer: B 


Question: 27 


The set of rules that governs the types of objects in the directory and their associated attributes is 
called the: 


A. Schema 

B. SmartDatabase 

C. Access Control List 
D. LDAP Policy 


Answer: A 


Question: 28 


When using SmartDashboard to manage existing users in SmartDirectory, when are the changes 
applied? 


A. At database synchronization 


B. Instantaneously 
C. Never, you cannot manage users through SmartDashboard 
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D. At policy installation 


Answer: B 


Question: 29 


Where multiple SmartDirectory servers exist in an organization, a query from one of the clients for 
user information is made to the servers based on a priority. By what category can this priority be 
defined? 


A. Location or Account Unit 
B. Gateway or Domain 
C. Gateway or Account Unit 
D. Location or Domain 


Answer: C 


Question: 30 


Each entry in SmartDirectory has a unique 


A. Container 

B. Distinguished Name 
C. Organizational Unit 
D. Schema 


Answer: B 
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